package org.codehaus.groovy.grails.plugins.springsecurity;

import grails.util.Environment;
import groovy.lang.Closure;
import groovy.lang.GroovyClassLoader;
import groovy.util.ConfigObject;
import groovy.util.ConfigSlurper;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.codehaus.groovy.grails.commons.GrailsApplication;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;

/* loaded from: input_file:embedded.war:WEB-INF/classes/org/codehaus/groovy/grails/plugins/springsecurity/SpringSecurityUtils.class */
public final class SpringSecurityUtils {
    private static ConfigObject _securityConfig;
    private static GrailsApplication _application;
    public static final String AJAX_HEADER = "X-Requested-With";
    public static final String NO_ROLE = "ROLE_NO_ROLES";
    private static final Map<String, Object> _context = new HashMap();
    private static final String ORDERED_FILTERS_KEY = "ORDERED_FILTERS";

    @Deprecated
    public static final Map<Integer, String> ORDERED_FILTERS = (Map) createDelegate(ORDERED_FILTERS_KEY, Map.class, HashMap.class);
    private static final String CONFIGURED_ORDERED_FILTERS_KEY = "CONFIGURED_ORDERED_FILTERS";

    @Deprecated
    public static final SortedMap<Integer, Filter> CONFIGURED_ORDERED_FILTERS = (SortedMap) createDelegate(CONFIGURED_ORDERED_FILTERS_KEY, SortedMap.class, TreeMap.class);
    private static final String VOTER_NAMES_KEY = "VOTER_NAMES";

    @Deprecated
    public static final List<String> VOTER_NAMES = (List) createDelegate(VOTER_NAMES_KEY, List.class, ArrayList.class);
    private static final String PROVIDER_NAMES_KEY = "PROVIDER_NAMES";

    @Deprecated
    public static final List<String> PROVIDER_NAMES = (List) createDelegate(PROVIDER_NAMES_KEY, List.class, ArrayList.class);
    private static final String LOGOUT_HANDLER_NAMES_KEY = "LOGOUT_HANDLER_NAMES";

    @Deprecated
    public static final List<String> LOGOUT_HANDLER_NAMES = (List) createDelegate(LOGOUT_HANDLER_NAMES_KEY, List.class, ArrayList.class);

    private SpringSecurityUtils() {
    }

    public static void setApplication(GrailsApplication grailsApplication) {
        _application = grailsApplication;
        initializeContext();
    }

    public static Set<String> authoritiesToRoles(Object obj) {
        HashSet hashSet = new HashSet();
        for (Object obj2 : ReflectionUtils.asList(obj)) {
            String authority = ((GrantedAuthority) obj2).getAuthority();
            if (null == authority) {
                throw new IllegalArgumentException("Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process " + obj2);
            }
            hashSet.add(authority);
        }
        return hashSet;
    }

    public static Collection<GrantedAuthority> getPrincipalAuthorities() {
        Collection<GrantedAuthority> authorities;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && (authorities = authentication.getAuthorities()) != null) {
            ArrayList arrayList = new ArrayList(authorities);
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                if (((GrantedAuthority) it.next()).getAuthority().equals(NO_ROLE)) {
                    it.remove();
                }
            }
            return arrayList;
        }
        return Collections.emptyList();
    }

    public static List<GrantedAuthority> parseAuthoritiesString(String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : StringUtils.commaDelimitedListToStringArray(str)) {
            String trim = str2.trim();
            if (trim.length() > 0) {
                arrayList.add(new GrantedAuthorityImpl(trim));
            }
        }
        return arrayList;
    }

    public static Set<String> retainAll(Object obj, Object obj2) {
        Set<String> authoritiesToRoles = authoritiesToRoles(obj);
        authoritiesToRoles.retainAll(authoritiesToRoles(obj2));
        return authoritiesToRoles;
    }

    public static boolean ifAllGranted(String str) {
        return findInferredAuthorities(getPrincipalAuthorities()).containsAll(parseAuthoritiesString(str));
    }

    public static boolean ifNotGranted(String str) {
        return retainAll(findInferredAuthorities(getPrincipalAuthorities()), parseAuthoritiesString(str)).isEmpty();
    }

    public static boolean ifAnyGranted(String str) {
        return !retainAll(findInferredAuthorities(getPrincipalAuthorities()), parseAuthoritiesString(str)).isEmpty();
    }

    public static synchronized ConfigObject getSecurityConfig() {
        if (_securityConfig == null) {
            reloadSecurityConfig();
        }
        return _securityConfig;
    }

    public static void setSecurityConfig(ConfigObject configObject) {
        _securityConfig = configObject;
    }

    public static synchronized void resetSecurityConfig() {
        _securityConfig = null;
    }

    public static synchronized void loadSecondaryConfig(String str) {
        mergeConfig(getSecurityConfig(), str);
    }

    public static void reloadSecurityConfig() {
        mergeConfig(ReflectionUtils.getSecurityConfig(), "DefaultSecurityConfig");
    }

    public static boolean isAjax(HttpServletRequest httpServletRequest) {
        String str = (String) ReflectionUtils.getConfigProperty("ajaxHeader");
        if (httpServletRequest.getHeader(str) != null || "true".equals(httpServletRequest.getParameter("ajax"))) {
            return true;
        }
        SavedRequest savedRequest = (SavedRequest) httpServletRequest.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY");
        return (savedRequest == null || savedRequest.getHeaderValues(str).isEmpty()) ? false : true;
    }

    public static void registerProvider(String str) {
        getProviderNames().add(0, str);
    }

    public static synchronized List<String> getProviderNames() {
        return (List) getFromContext(PROVIDER_NAMES_KEY);
    }

    public static void registerLogoutHandler(String str) {
        getLogoutHandlerNames().add(0, str);
    }

    public static synchronized List<String> getLogoutHandlerNames() {
        return (List) getFromContext(LOGOUT_HANDLER_NAMES_KEY);
    }

    public static void registerVoter(String str) {
        getVoterNames().add(0, str);
    }

    public static List<String> getVoterNames() {
        return (List) getFromContext(VOTER_NAMES_KEY);
    }

    public static void registerFilter(String str, SecurityFilterPosition securityFilterPosition) {
        registerFilter(str, securityFilterPosition.getOrder());
    }

    public static void registerFilter(String str, int i) {
        String str2 = getOrderedFilters().get(Integer.valueOf(i));
        if (str2 != null) {
            throw new IllegalArgumentException("Cannot register filter '" + str + "' at position " + i + "; '" + str2 + "' is already registered in that position");
        }
        getOrderedFilters().put(Integer.valueOf(i), str);
    }

    public static Map<Integer, String> getOrderedFilters() {
        return (Map) getFromContext(ORDERED_FILTERS_KEY);
    }

    public static void clientRegisterFilter(String str, SecurityFilterPosition securityFilterPosition) {
        clientRegisterFilter(str, securityFilterPosition.getOrder());
    }

    public static void clientRegisterFilter(String str, int i) {
        Filter filter = getConfiguredOrderedFilters().get(Integer.valueOf(i));
        if (filter != null) {
            throw new IllegalArgumentException("Cannot register filter '" + str + "' at position " + i + "; '" + filter + "' is already registered in that position");
        }
        getConfiguredOrderedFilters().put(Integer.valueOf(i), (Filter) getBean(str));
        FilterChainProxy filterChainProxy = (FilterChainProxy) getBean("springSecurityFilterChain");
        filterChainProxy.setFilterChainMap(Collections.singletonMap(filterChainProxy.getMatcher().getUniversalMatchPattern(), new ArrayList(getConfiguredOrderedFilters().values())));
    }

    public static SortedMap<Integer, Filter> getConfiguredOrderedFilters() {
        return (SortedMap) getFromContext(CONFIGURED_ORDERED_FILTERS_KEY);
    }

    public static boolean isSwitched() {
        return ifAllGranted(SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR);
    }

    public static String getSwitchedUserOriginalUsername() {
        if (!isSwitched()) {
            return null;
        }
        for (GrantedAuthority grantedAuthority : SecurityContextHolder.getContext().getAuthentication().getAuthorities()) {
            if (grantedAuthority instanceof SwitchUserGrantedAuthority) {
                return ((SwitchUserGrantedAuthority) grantedAuthority).getSource().getName();
            }
        }
        return null;
    }

    public static String getSecurityConfigType() {
        return getSecurityConfig().get("securityConfigType").toString();
    }

    public static void reauthenticate(String str, String str2) {
        UserDetailsService userDetailsService = (UserDetailsService) getBean("userDetailsService");
        UserCache userCache = (UserCache) getBean("userCache");
        UserDetails loadUserByUsername = userDetailsService.loadUserByUsername(str);
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(loadUserByUsername, str2 == null ? loadUserByUsername.getPassword() : str2, loadUserByUsername.getAuthorities()));
        userCache.removeUserFromCache(str);
    }

    public static Object doWithAuth(Closure closure) {
        HttpSession session;
        SecurityContext securityContext;
        boolean z = false;
        if (SecurityContextHolder.getContext().getAuthentication() == null && (session = SecurityRequestHolder.getRequest().getSession(false)) != null && (securityContext = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT")) != null) {
            SecurityContextHolder.setContext(securityContext);
            z = true;
        }
        try {
            Object call = closure.call();
            if (z) {
                SecurityContextHolder.clearContext();
            }
            return call;
        } catch (Throwable th) {
            if (z) {
                SecurityContextHolder.clearContext();
            }
            throw th;
        }
    }

    public static Object doWithAuth(String str, Closure closure) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        reauthenticate(str, null);
        try {
            Object call = closure.call();
            if (authentication == null) {
                SecurityContextHolder.clearContext();
            } else {
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            return call;
        } catch (Throwable th) {
            if (authentication == null) {
                SecurityContextHolder.clearContext();
            } else {
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            throw th;
        }
    }

    private static void mergeConfig(ConfigObject configObject, String str) {
        GroovyClassLoader groovyClassLoader = new GroovyClassLoader(SpringSecurityUtils.class.getClassLoader());
        try {
            _securityConfig = mergeConfig(configObject, (ConfigObject) new ConfigSlurper(Environment.getCurrent().getName()).parse(groovyClassLoader.loadClass(str)).getProperty("security"));
            ReflectionUtils.setSecurityConfig(_securityConfig);
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(e);
        }
    }

    private static ConfigObject mergeConfig(ConfigObject configObject, ConfigObject configObject2) {
        ConfigObject configObject3 = new ConfigObject();
        if (configObject2 == null) {
            configObject3.putAll(configObject);
        } else {
            configObject3.putAll(configObject2.merge(configObject));
        }
        return configObject3;
    }

    private static Collection<GrantedAuthority> findInferredAuthorities(Collection<GrantedAuthority> collection) {
        Collection<GrantedAuthority> reachableGrantedAuthorities = ((RoleHierarchy) getBean("roleHierarchy")).getReachableGrantedAuthorities(collection);
        return reachableGrantedAuthorities == null ? Collections.emptyList() : reachableGrantedAuthorities;
    }

    private static <T> T getBean(String str) {
        return (T) _application.getMainContext().getBean(str);
    }

    private static Object createDelegate(final String str, Class<?> cls, Class<?> cls2) {
        try {
            storeInContext(str, cls2.newInstance());
        } catch (IllegalAccessException e) {
        } catch (InstantiationException e2) {
        }
        return Proxy.newProxyInstance(cls2.getClassLoader(), new Class[]{cls}, new InvocationHandler() { // from class: org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils.1
            @Override // java.lang.reflect.InvocationHandler
            public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
                return method.invoke(SpringSecurityUtils.getFromContext(str), objArr);
            }
        });
    }

    private static void initializeContext() {
        getVoterNames().clear();
        getVoterNames().add("authenticatedVoter");
        getVoterNames().add("roleVoter");
        getVoterNames().add("webExpressionVoter");
        getLogoutHandlerNames().clear();
        getLogoutHandlerNames().add("rememberMeServices");
        getLogoutHandlerNames().add("securityContextLogoutHandler");
        getProviderNames().clear();
        getProviderNames().add("daoAuthenticationProvider");
        getProviderNames().add("anonymousAuthenticationProvider");
        getProviderNames().add("rememberMeAuthenticationProvider");
        getOrderedFilters().clear();
        getConfiguredOrderedFilters().clear();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Object getFromContext(String str) {
        return _context.get(str);
    }

    private static void storeInContext(String str, Object obj) {
        _context.put(str, obj);
    }
}
